August 15, 2022

TheCyberThrone

Thinking Security ! Always

Log4j-Scanner From CISA

The CISA has announced the release of a scanner for identifying web services impacted by two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046 & CVE-2021-45105

log4j-scanner is a project derived from other members of the open-source community by CISA’s Rapid Action Force team to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities

Advertisements

This scanning solution builds upon similar tools, including an automated scanning framework for the CVE-2021-44228 bug dubbed Log4Shell.This enables security teams to scan network hosts for Log4j RCE exposure and spot web application firewall (WAF) bypasses that can allow threat actors to gain code execution within the organization’s environment.

CISA highlights the following features on log4j-scanner’s project page:

  • Support for lists of URLs.
  • Fuzzing for more than 60 HTTP request headers (not only 3-4 headers as previously seen tools).
  • Fuzzing for HTTP POST Data parameters.
  • Fuzzing for JSON data parameters.
  • Supports DNS callback for vulnerability discovery and validation.
  • WAF Bypass payloads.
Advertisements

CISA’s also spearheading a push for urgently patching devices vulnerable to Log4Shell attacks to block threat actors’ attempts to exploit Log4Shell vulnerable systems and infect them with malware.

%d bloggers like this: